Skip to main content

Apache Airflow CVE-2026-49298

| EUVDEUVD-2026-33580 HIGH
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Source Code Evidence Fetched
Jun 02, 2026 - 17:25 vuln.today
Analysis Generated
Jun 02, 2026 - 17:25 vuln.today
CVSS changed
Jun 02, 2026 - 17:22 NVD
8.8 (HIGH)
Patch available
Jun 01, 2026 - 10:01 EUVD
CVE Published
May 31, 2026 - 12:45 nvd
UNKNOWN (no severity yet)
CVE Published
May 31, 2026 - 12:45 nvd
HIGH 8.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 pypi packages depend on apache-airflow-core (2 direct, 6 indirect)

Ecosystem-wide dependent count for version 3.2.2.

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Sensitive information disclosure in Apache Airflow versions prior to 3.2.2 exposes JWT authentication tokens via KubernetesExecutor command-line arguments, allowing low-privileged users with process listing access on worker pods to harvest credentials and impersonate workers against the Execution API. The flaw, addressed in PR #60108 alongside a redesign of workload/execution token lifetimes, carries a CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit has been identified at time of analysis and EPSS sits at 0.02%, suggesting limited mass-exploitation activity.

Technical ContextAI

Apache Airflow's KubernetesExecutor launches worker pods by passing task execution parameters as command-line arguments to the airflow CLI inside the container. Per CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory), the workload JWT - used by workers to authenticate against the Execution API - was placed where it became visible through process listings (e.g., /proc/<pid>/cmdline, ps output, container introspection, or pod spec inspection via the Kubernetes API). The PR #60108 diff shows a broader hardening of the JWT scope model: distinguishing long-lived workload-scoped tokens (tied to scheduler task_queued_timeout, default 600s) from short-lived execution-scoped tokens (default 10 minutes) refreshed transparently by JWTReissueMiddleware, narrowing the blast radius if a token is leaked.

RemediationAI

Vendor-released patch: upgrade Apache Airflow to 3.2.2 or later, where the JWT token is no longer passed via worker command-line arguments and the workload/execution scope split limits token validity windows (see PR https://github.com/apache/airflow/pull/60108 and Apache thread https://lists.apache.org/thread/wo09vrks8189dzsot39rvrx3vnx102tt). Where immediate upgrade is not possible, compensating controls include restricting Kubernetes RBAC so non-admin service accounts cannot read pod specs or exec into worker pods in the Airflow namespace (side effect: blocks legitimate debugging by developers), enforcing PodSecurity restrictions and disabling shared process namespaces between sidecars and workers (side effect: may break existing observability sidecars that rely on /proc visibility), reducing scheduler task_queued_timeout to shrink the workload token validity window (side effect: more aggressive reaping of legitimately queued tasks under load), and rotating the JWT signing key after upgrade to invalidate any tokens that may have been harvested pre-patch.

Share

CVE-2026-49298 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy